Review of moving from NeuStar UltraDNS to Dynect Managed DNS Service

For many years I have used the UltraDNS service from NeuStar on behalf of several companies I have worked for, as it has been incredibly reliable and easy to use. I cannot, however, say it has been exactly inexpensive, and in recent years innovation has seemingly slowed to a crawl. Each time in the past that I have evaluated the field of other options, there has not been any “worthy” contenders in the space, until now that is.

After recently completing an evaluation and trial run of dyn.com’s Dynect service, we went ahead and switched over to their service for some very high volume domains that generate millions of queries a day.

A few notes on the transition process

The Neustar zone export tool had issues and was truncating zone file output on some of our zones (and loosing records in the process!). This is a serious bug (though one they may not be too heavily incentivized to fix). I have reported this bug to NeuStar and they informed me they were already aware of the issue.

So next up, I tried enabling the Dynect servers IP address to be allowed to do a zone transfer from UltraDNS, but it turned out, Dynect had a bug where they could not do zone transfers directly using AXFR from UltraDNS (they are actively working to fix this they tell me).

I ended up doing an AXFR out of UltraDNS from my desktop PC using DIG (after allowing my IP to do the transfer in the NeuStar control panel) and then pasting it into Dynect’s import tool. This process was slightly annoying, but in the grand scheme of things not a big deal (it took more time to validate all the data got moved over properly than anything else).

Notes on the Dynect platform

The real time reporting of queries per second is awesome functionality that I now consider to be critical. This is available from Dynect on a per zone, per record type, or per individual record basis. I did not know what I was missing before. It has allowed me to find a couple “issues” with my zone records that I would have otherwise been unaware of. With UltraDNS I had no idea how many queries I had used until the end of the month came around and I got a bill that included almost no detail.

One of these issues was the lack of AAAA (IPv6) records on one particular host entry that gets millions of queries per day. Newer Windows Vista and Windows 7 machines will attempt an IPv6 lookup in addition to (or before?) the IPv4 lookup as IPv6 is enabled by default. Since this site is not yet IPv6 enabled, we do not serve out an AAAA record and so instead the remote DNS server uses the SOA (Start of Authority) “minimum” value as the TTL (Time To Live) on the negative cache entry it adds to it’s system. The net result of this is that IPv4 queries get cached for the 6 hour TTL we have set, but IPv6 queries which result in a “non existant” answer only get cached for 60 seconds (which is the SOA minimum value Dynect uses). This results in huge query volumes for IPv6 records in addition to the IPv4 records, and this issue will only get worse as more end clients become IPv6 enabled but the site in question remains IPv4 only.

Dynect does not allow end users to muck with the SOA values (other than default TTL) which is highly unfortunate in my mind. NeuStar UltraDNS did allow these changes to be made by the end user on any zone. The good news is that Dynect was able to manually change my SOA minimum values to a longer interval for me (somewhat begrudgingly). They claim the lack of user control is by design (to keep people from messing something up that then gets cached for a long interval), though in my mind there needs to be an advanced user mode for those ready and willing to run that risk.

The other issue Dynect’s real time reporting shed light on for me was a reverse DNS entry that I was missing on a very high volume site, which was again causing high query volume to that IP as the negative cache interval was 60 seconds. I rectified this by adding an appropriate PTR record.

I do have to point out that I am not so thrilled with either the simple editor or the expert editor that Dynect provides. The tree control with leafs for every record is seemingly clunky to me, and the advanced editor is not the end all be all either (as certain functionality does not exist there, and it leaves you to edit certain records like SRV with multiple data values in a single text box). But these don’t really get in my way of being very happy with the service.

Perhaps of more concern to me is Dynect’s lack of a 24×7 NOC. Granted they have an on-call engineer 24×7, though for something as critical as DNS I would encourage them to staff a NOC as soon as their business can support it. This is a service offering UltraDNS has that I have utilized and been happy with in the past.

Another feature Dynect seems to do well is the ability to see what changes have been made to your zones (auditing ability). I have not dove into it too much with Dynect or UltraDNS, but it seems to exist as a core feature in a more useful fashion than I have seen on UltraDNS. One thing that I never could figure out on UltraDNS was how to go back and look at audit history for deleted records (not to mention confirmation of record modification or deletion).

I should note at this point one major difference between the pricing mechanisims for UltraDNS and Dynect. My experience with Ultra has been that they do things on a per bucket of 1000 queries basis. Dynect on the other hand bills on a 95th percentile basis of Queries Per Second (QPS) on a 5 minute interval, similar to what ISP’s bill for bandwidth. Depending on your usage patterns, either one of these billing models could be more adventagious to you.

Also, I am not going to dive into too much detail here, but UltraDNS and Dynect both offer gloabal server load balancing solutions that differ in one very key way- UltraDNS has a new solution that uses a Geolocate database to direct queries to a desired server based on source IP address, where as Dynect’s offering only provides the ability to do this based on their Anycast node locations. There are pro’s and con’s to each, perhaps that will become a future blog post.

Wrapping it up

UltraDNS is a great service that has proven itself reliable in the long run. I would recommend their service to others in the future. They do need to keep up with the changing technology however (new releases to the admin console indicate they are starting to head in this direction).

Dynect has assembled a fully competative (and better in some ways) offering that I would now classify as a viable option for most UltraDNS customers. My migration to their solution was very smooth and so far there have been no issues. I welcome Dynect to the Managed External DNS Service space and the healthy competition they provide.

I should also note that their sales and support team has treated us/me well. They genuinely seem to care about this stuff and I don’t come away with the slimy feeling after talking to them.

I disagree that Dynect is just a “hobbyist” service. Their commercial offering is based off an Anycast network design that currently has 12 nodes (similar to UltraDNS and it would appear also similar to dns.com which claims to have 8 nodes currently).

It is true that Dynect has it’s root in the free “dyndns.org” project, but it is clear to me that their offering has “grown up”. I have been impressed with how fluid the administration console is, and how quickly updates I make propagate out to the anycast nodes.

My dealings with Dynect have been completely professional in nature and they did not come off feeling like a bunch of amateurs. I did have that concern in the back of my mind as well before I started my evaluation of options.

Interestingly enough, DNS.com did not come up in any of my searching or through my contact network, but it does look interesting. It appears to be trying to break into UltraDNS’s market as well. I don’t have any facts to base an opinion on them yet. Perhaps I will give them a spin next time around. 😉

The first comment in this post couldn’t be further from the truth. Dynect is far from a hobbyist service… As for Neustarr, while UltraDNS is a great service, it’s grossly overpriced. Neustar’s management is also awful. Their sales tactics are aggressive to an almost disgusting level. Their sales people are frequently rotated around and many times misrepresent the product they’re pushing. Things to note is that you cannot downgrade your package from a higher tier to a lower tier. They won’t even want to talk to you. Never trust their sales person’s estimate of which query package you’re going to need. If you are coming from using your webhosts DNS servers or your domain providers DNS servers, do your own research prior to committing to a query package with them. I’ve NOT had good experiences with Neustar. I think Dynect is a much better company/service.

WATCHOUT FOR ULTRADNS!!! The service worked fine BUT after being a customer for many years this is how they responded when we no longer needed service (we hadn’t signed a new contract for 4 years!!!):

“We have reviewed your request to cancel and based on the terms of your contract it has been determined that your official cancel date is in five months. Your service will remain on and you will continue to be billed through then”

They then continued to bill us for 5 months and when we refused to pay the “bill” they sent it to a collections agency that started calling, emailing and threatening legal action. We spent more than 20K with them and always paid on time so again WATCH OUT!!!

Auto-renewing contracts suck. There is no business justification for them other than to lock in the customer beyond their initial term so that they can not make a different purchase decision but (lets say) once per year. It is completely to the benefit of the service provider. I have a personal policy to *never* sign auto-renewing contracts. Generally I have never had an issue getting those terms removed from contract language before signing contracts (they are just gravy terms that they try to throw in there).

I have to say that I agree with everything said here. We have been using UltraDNS for a short time and IS VERY grossly overpriced! We have switched to Dynect and have been very happy so far. The big downer here is the silly auto-renewing contract that Ultra has going and yes, they will ignore you when trying to talk about this or attempt to get out. And even if you do get a hold of someone, good luck getting any kind of breaks. Get a great, simple and reliable DNS service from Dynect and stay far away from UltraDNS. Be FOREWARNED!

Neustar is completely incompetent in the billing department. Their sales people put us on a contract to save money, but we’ve been getting billed for the new contract amount as well as the old month to month account for over a year now. Every few months I get letters from their idiot collections people because the old account is “past due”. Their DNS management interface is woefully outdated.